Increasingly internet users online activities are being monitored and sold by large companies, landing some users in embarassing or financially damaging situations. Some privacy advocates are calling on the U.S. government to regulate how much user info can be collected. (Source: Telegraph UK)

Industry coalition is pushing for tougher privacy legislation -- but is it a trojan source to sneak in monitoring?

In
light recent data breaches like AT&T's accidental
release of 100,000+ iPad customers' email addresses
(including both Democratic and Republican politicians), some in the
software industry and government are pushing for tougher privacy
standards.

Among those companies pushing for improvements is
Microsoft. Peter Cullen, chief privacy strategist for Microsoft
Corp, speaking at the Family Online Safety Institute's annual
conference, states, "Information is the currency of growth, but
it's also increasingly become the currency of crime. People
have very high expectations when it comes to companies in terms of
how they collect, use, store and most importantly protect their
information."

Its unacceptable for internet service
providers and wireless carriers to let data be stolen or sell private
data, he believes.

Online reputation-management company
ReputationDefender founder, Michael Fertik, told a government panel recently that some people are suggesting that the U.S. government step up and force ISPs to
give customers an easy to use interface to control what kinds of
personal data they want to allow to be collected -- the strategy employed by European regulators. He argues
that most customers don't even realize that online media companies (e.g. Facebook, Google) are tracking their
online behavior. In a conversation with Reuters he
states, "It's remarkable how deep the data sets are about each
of us, and it's disturbing."

While data miners like Google and Yahoo
in cutting
its data retention times, the companies regularly
collect data on users' "private" internet
activities -- particularly web searches. That data could
increasingly land some users in trouble. For example, health
insurers are investigating using mined search data to monitor how
often users frequent fast food restaurants, increasing premiums
accordingly. And some private investigation firms want to use
searches for dating sites to ID infidelity.

Mr. Fertik says
that expecting advertising-driven companies to self-censor when there's
profit to be made is a questionable proposition. He stated to us, "It is impossible to run a digital media company and care deeply about privacy."

Microsoft, despite doing some data mining of its own, earned Mr. Fertik's praise. The key differentiation, as he sees it, is that Microsoft does not make the majority of its profits from advertising and thus has far less to lose from protecting privacy than its rivals. He commented to us, "Microsoft and IBM dont make most of their money off advertising, so there's [little] tension between money and privacy."

He also tells us that he supports legislation to make it easier to opt out of data mining, stating, "It should be easier to opt out."

Congress is currently debating the proposal of new
privacy laws that could offer users new protections in an
increasingly web-connected world. The idea has some support
with both parties -- and some opposition from members of both
parties, as well. Amy Mushahwar, a data privacy and security
attorney at Reed Smith LLP, states, "This is a much less
partisan issue that still has the potential for movement."

There was some ambiguity in the interview Mr. Fertik gave Reuters, regarding whether he was directing his comments towards Microsoft. We briefly interviewed him and have gained more perspective on his opinions.

Mr. Fertik made it clear to us that actually he holds a positive opinion of Microsoft and that he does not give negative comments about specific companies -- only positive ones. When giving critical comments he refers in generalities like "media companies". It is, however, pretty easy to figure out who the biggest-advertising driven forces on the internet are, so the remarks aren't too cryptic.

ReputationDefender is a company users can pay to remove their personal information from mining database and to lock those databases from collecting future information on their activities.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

They don't need to contact your ISP to find out what IP address is assigned to you. They've already got your IP address (see http://www.whatsmyip.org/ for example), and all they need to associate that IP address with you is for you to login to any of their services.

You end up with:"64.54.109.2 searches for red umbrellas a lot""Spivonious is the only login from 64.54.109.2""Spivonious account info lists his name as Joe Schmoe at 222 street dr walla walla washington""Joe Schmoe at that address likes red umbrellas"

Different people are going to have different levels of privacy they feel uncomfortable with. You may be comfortable with MS/Google/government/etc. having everything. Others will not feel good about that.The point was really that various commercial (and public/gov.) organizations probably have a lot more of your info than you expect thanks to long term data retention and the different channels from which they can procure data.

quote: And then I might get a coupon for a red umbrella in my email. I fail to see any ill ramifications of this.

Say you searched for McDonalds and Taco Bell because you were feeling hungry and wanted to mapquest the nearest one while you were on travel.

You might get a coupon in the mail. You might also notice your insurance bill jumped. According to reports some insurance firms have started look at mined info to try to find health info on subscribers and applicants.

Sure you could just get another company if you insure yourself, but what if all the companies did this?

Or maybe you're searching for a new job. Some employers have also started to use these kinds of techniques to identify employees quitting or on the verge of quitting. You might have action taken against you as a result.

Maybe you don't eat fast food and you're not searching for a job... but there's a ton more examples of how someone knowing EVERYTHING you did online could hurt you financially or professionally...

Of course we could also use this to our advantage. If you know your insurance company is one that does then, they just get online every night and do searches for health food items and exercise equipment and health clubs. Maybe then you can eat your McDonalds and still get a discount on your health care.

Unfortunately, the reason why an insurance company would do this is to increase profits by finding reasons to continue to drive premiums upwards. Insurance companies have little reason - other than competition - to attempt to drive them downwards. They need to show growth in profits to please shareholders.

It is a very fine line indeed. We all want the internet to be helpful, and certainly if it can suggest things I may be interested in then that makes it a more powerful tool in my daily life. However spidey with great power comes great responsibility, and anything can be abused.

quote: You might also notice your insurance bill jumped. According to reports some insurance firms have started look at mined info to try to find health info on subscribers and applicants.

This says more of you than the implied evil insurance companies. So what if they do this. How about if you never search for these things, and as a result of the insurance companies dropping the fatties from the group your insurance goes down. What I mean about "this says more of you" is that the remark reeks of anti-corporate attitude you always display.

Why shouldn't they charge you more based on historical data that says you're a higher risk? Why should you get to sneak in and get the same rate as Joe Bob fitness nut that Google's exercise and USDA fiber requirements.

Your implication is that with this data they would do some kind of evil when in fact it would allow them to better model pricing based on risk level. Right now everyone pays more because Fatty McFatty eats at McD's every day. If there is a way to single him out and save those of us that don't more then I'm all for it.

Currently in any insurance group policy the healthy pay for the sick, it is just another form of forced charity (or socialism if you will). At the end of the day the insurance company will still make money, and Fatty McFatty has no incentive to eat better, because hell it will only rise his premium a little since it is spread out across hundreds of people who do give a damn.

All fine and good, but what if for some reason you are searching for something bad for say a research project for your kids then even though you are Mr. Healthnut you end up having higher rates because the insurance company thinks you are high risk? A person's web searching habits may not be an accurate indicator of that person's actual habits. Even worse is if someone were to hijack your wireless connection and you end up being tagged as interested in things you would never even think about looking up. Too many ways for the data to be inaccurate for this to ever be something that should be allowed.

Take the employment scenario listed earlier, say your kid graduates college and begins searching for a job using your computer, then your employer gets hold of the info and you either have to explain what is going on or just end up fired because they think you are leaving. An IP address can not be guaranteed to be linked to only one person. Of course if you always use a public link they would have an even harder time of tracking you.

Your examples indicate false positives, which would need to be accounted for in the algorithm. The goal for the insurance companies is to better assess risk in order to be more efficient, and thus make more money. Ignoring false positives would be counter intuitive to that goal.

You and Mick both have a very fatalistic viewpoint, that because it could be misused it would be. When in fact they are not looking to drop or loose customers, rather more accurately assign risk.

On the employer side, once that employer has that information you both jump to the grim conclusion that they would fire you. Again if I'm a smart employer, that values a skilled employee, I use that information to find out why he/she is not satisfied and work with them to retain that employee. It is rarely more cost effective to fire/hire than it is to retain.

Just because Corporate America puts itself first, does not mean they are out to get you.

You have seriously GOT to be kidding me. Given the smallest opportunity any corporation out there will drive up its revenue and profit via any means they can get away with. This includes illegal means if they think they can get away with it...and most of the time they can. When they can't, it's accompanied by an insincere apology and a slap on the wrist from a corporately controlled government.

There are myriad reports of companies utilizing unethical or downright illegal business practice to drive up their bottom lines. Verizon's recent admission to data over charging, Intel's settlement with AMD some time back, Capital One's recent attempt to re-age their debt by issuing 'new' credit cards to avoid recent reform legislation, Microsoft's clear buyout of various ISO standards committees to push through OOXML...and the list goes on and on and on. These sound like entities that can be trusted with your personal information?

If that data can be misused, you'd best be ready when it IS misused. It's not a matter of if...it will happen. It's only a matter of time and degree.

If you REALLY think corporations are going to ethically handle millions of people's private data, you're possibly the most deluded and gullible individuals I've ever met. Corporate America is not out to get you. It's out to get your money. And they don't give a damn about you or your life as long as they get that money.

quote: Corporate America is not out to get you. It's out to get your money.

I agree 100%, but that goal is NOT in and of itself "evil". The implication was that if they could do evil they would, but I contend that is tin foil hat paranoia. They only do evil if the market allows them to do so.

There is no more transparent entity than Corporate America. As you said they are out for profit and profit only, no hidden "agenda". If it can make them money they will do it, as you said even if it is illegal. But even the act of breaking the law to turn a profit, has a cost benefit associated with it and most of the time the risk is too great for the reward.

They behave with one sole purpose to make money, there is nothing emotional or "evil" about that. They can certainly be evil, but it will usually cost them more than it makes thus preventing such behavior because it violates their one and only goal.

Guess what I'm saying is they are only as evil as we the consumers let them be. If you don't like the behavior of those companies in your example don't buy their products. If their behavior is evil enough, and enough of us stand against them, they will cease that behavior or cease to exist.

Easy solution to that problem with insurance companies doing what you mention: MAKE IT ILLEGAL! Seriously, one law passed at the federal level, which EVERYONE from Republican to Democrat would definitely get behind and that stupidity would stop.